• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
20100925 cloudy security - porticor
 

20100925 cloudy security - porticor

on

  • 1,312 views

 

Statistics

Views

Total Views
1,312
Views on SlideShare
1,273
Embed Views
39

Actions

Likes
0
Downloads
0
Comments
0

3 Embeds 39

http://www.porticor.com 37
http://www.sys-con.com 1
http://porticor.sys-con.com 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    20100925 cloudy security - porticor 20100925 cloudy security - porticor Presentation Transcript

    • Bringing Cloud operational benefits to the world of security and privacy
      Gilad Parann-Nissany
      http://www.porticor.comcontact@porticor.com
      CSA Congress, November 16th-17th, 2010
      12/7/2010
      www.porticor.com © PORTICOR 2009, 2010
    • 12/7/2010
      www.porticor.com © PORTICOR 2009, 2010
      2
    • Goals
      Focus: public cloud
      Because its in some ways more challenging than private cloud
      Focus: IaaS/PaaS
      SaaS controlled by vendor
      Agenda
      Baseline assumptions
      Threat analysis
      What’s really new? What’s not?
      Cloud-deployed security tools
      Demo: WAF in the cloud
      Cloud-specific security considerations
      Demo: securing the data layer
      Summary: flexibility in the cloud
      12/7/2010
      www.porticor.com © PORTICOR 2009, 2010
      3
      “Cloudy” Security
    • NOT “selling cloud”
      Customer IT has evaluated what they would feel comfortable putting in the cloud
      Customer IT understands that – in IaaS/PaaS – they still retain some responsibility
      Customer IT is asking the questions: “how to meet our responsibility, how to do security reasonably, and what are the tools to use?”
      12/7/2010
      www.porticor.com © PORTICOR 2009, 2010
      4
      Baseline assumptions for this discussion
    • Shared Technology Vulnerabilities
      Data Loss/Data Leakage
      Malicious Insiders
      Account Service or Hijacking of Traffic
      Insecure APIs
      Nefarious Use of Service
      Unknown Risk Profile
      12/7/2010
      www.porticor.com © PORTICOR 2009, 2010
      5
      Threat Analysis: I/PaaS
      PaaS
      Platform as a Service
      IaaS
      Infrastructure as a Service
      (*) courtesy “Cloud Security Alliance: Assuring the future of Cloud Computing”: S. Loureiro, 2010
    • Some known concepts translate to cloud with a twist
      APIs
      SaaS security
      Usage of IaaS
      And of course, there is some pretty new stuff
      More about this later…
      12/7/2010
      Copyright 2009, 2010 ©Porticor
      What’s new? What carries over?
    • 12/7/2010
      Copyright 2009, 2010 ©Porticor
      Translating known concepts to cloud
      Examples
      …and more
    • Cloud
      Data
      Demo 1
      12/7/2010
      Confidential ©Porticor
      Internet
      Business
      Compute
    • Secure distributed data storage
      Keys management
      Hypervisors and virtual machines
      Role of encryption changes
      New data protection measures emerge (i.e. fragmentation)
      Physical security of cloud environments
      12/7/2010
      www.porticor.com © PORTICOR 2009, 2010
      9
      Some new considerations
    • Cloud
      Demo 2
      12/7/2010
      Confidential ©Porticor
      Internet
      Business
      Mgmt Site
      Compute
      Data
    • Package complex privacy and security technology
      Get the operations and economics right
      Pay as you go
      Privacy and security solutions can be brought up in a reasonable time – not months
      Privacy and security have proper service level guarantees
      Backed by proper SLA and/or Warranty
      12/7/2010
      www.porticor.com © PORTICOR 2009, 2010
      11
      Elasticity, Flexibility, Management
    • 12/7/2010
      Confidential ©Porticor
      Thank You!
      Questions
      ?